High hopes for DoH protocol

The standard is still under discussion at the Internet Engineering Task Force (IETF), and should not be confused with DNSSEC, a standard that uses encryption not for “confidentiality” but for “origin authentication” between DNS client and server.

DNSSEC was developed to combat DNS-based DDoS attacks and origin IP spoofing, while DoH was created to provide query confidentiality against third-party observers, such as ISPs.

Despite the protocol being less than a year old, many view DoH as the encrypted version of the DNS standard, similar to what HTTPS is to HTTP.

Mozilla tests DoH even before protocol’s approval

But even though Mozilla engineers don’t have a final version of the DoH standard, they have decided to test-run the protocol and see how it fares in the real world.

“Soon we’ll be launching a Nightly-based pref-flip shield study to confirm the feasibility of doing DNS over HTTPs (DoH),” said Patrick McManus, a Mozilla engineer.

“If all goes well the study will launch Monday (and if not, probably the following Monday),” he added. “It will run <= 1 week. If you’re running Nightly and you want to see if you’re in the study check about:studies.”

If a user has been selected to participate in the Firefox shield study, a new entry will appear in the about:studies page and new preferences will show up in the about:config section.

Unfortunately, Bleeping Computer was not selected for the DoH shield study, but you can check out a list of all the new DoH-related preferences on GitHub or in this Ghacks article.

To keep track of how the experiment goes, you can bookmark this Google Groups discussion and this Mozilla bug tracker entry.